Weekly Privacy News Update – Episode 46


Instagram faces EUR 405 million fine for children’s privacy violations under the GPDR

The Irish Data Protection Commission (DPC) issued a EUR 405 million fine to Instagram for violations of children’s privacy under the EU General Data Protection Regulation (GDPR). The fine is the second-largest GDPR penalty to be issued; it involves allegations derived from Instagram’s default account setting for children aged 13-17 that jeopardized email addresses and phone numbers connected to their accounts. The investigation began in October 2020, and the preliminary decision of the DPC triggered a dispute-resolution mechanism to deal with other EU data protection authorities input on the penalty.

Source: wodc.nl, IAPP

White House and experts to discuss privacy and online safety

US President Joe Biden’s administration members will meet with experts to discuss privacy, online safety, competition, and Big Tech harms. The discussion will concentrate on creating an outline of specific harms from the practices and platform accountability of Big Tech companies. Officials from the Chief of Staff’s Office, the National Economic Council, the Office of Science and Technology Policy, and the National Security Council are expected to join the discussion. Even though President Biden announced strengthening privacy protection and cautioned on the negative aspects of social media on young people’s mental health in his State of the Union address, the administration has concentrated on other legislative priorities.

Source: Axios, IAPP

Kids’ game app in violation of COPPA and CARU’s privacy guidelines

The Better Business Bureau’s (BBB) National Programs’ Children’s Advertising Review Unit (CARU) has found Tilting Point Media, LLC, the owner and operation of SpongeBob: Krusty Cook-Off app, violated the Children’s Online Privacy Protection Act (COPPA). The company also violated CARU’s Self-Regulatory Guidelines for Advertising and Children’s Online Privacy Protection. The guidelines state that companies are not allowed to collect the personal data of users below 13 years old. The reviewers from CARU could access the app by posing as a 10-year-old and found that they could consent to receive personalized advertising. Tilting Point Media has fully cooperated with CARU’s self-regulatory program and has proactively made changes to address the concerns.

Source: Better Business Bureau – National Programs, IAPP

Lawsuit to Maine’s opt-in privacy law pulled back by ISP lobbyists

Lobbyist withdrew their lawsuit against the state of Maine’s opt-in privacy law. The lawsuit was filed in support of broadband internet providers against Maine’s privacy law that required internet service providers (ISP) to secure explicit consent from users before using web browsing data for ad targeting. Industry advocacy groups who brought the lawsuit accused the privacy law of violating the First Amendment by limiting ISPs from collecting and selling user data but allowing online companies that include search engines to collect user data for targeted advertising.

Source: MediaPost, IAPP

Masha Komnenic CIPP/E, CIPM, CIPT, FIP
More about the author

Written by Masha Komnenic CIPP/E, CIPM, CIPT, FIP

Masha is an Information Security and Data Privacy Specialist and a Certified Data Protection Officer. She has been a Data Protection Officer for the past six years, helping small and medium-sized enterprises achieve legal compliance. She has also been a privacy compliance mentor to many international business accelerators. She specializes in implementing, monitoring, and auditing business compliance with privacy regulations (HIPAA, PIPEDA, ePrivacy Directive, GDPR, CCPA, POPIA, LGPD). Masha studied Law at Belgrade University, and she passed the Bar examination in 2016. More about the author

Related Articles

Explore more resources